Lesson 10 - Chapter 4: Firewalls and Internet Appliances Flashcards
What are firewalls?
devices or applications that protect an internal network from unauthorized access to/from the Internet
What are 2 of the methods firewalls use to protect networks?
- hiding IP addresses
- blocking TCP/IP ports
A typical network uses one or both of which 2 types of firewalls?
- Hardware firewalls (built into routers)
- Software firewalls (run on your computers)
(both protect your computer and network)
Can you run hardware and software firewalls at the same time?
yes
Most SOHO networks use what type of firewalls?
Hardware firewall (a feature built into a router)
How does a hardware firewall protect a LAN from outside threats?
Filters the packets before they reach your internal machines
Where do you go to configure a hardware firewall?
your router’s browser-based settings
What do hardware firewalls use to inspect incoming packets? What does it also block?
they use stateful packet inspection (SPI): the firewall inspects each packet and tracks the connection it belongs to, and it blocks any incoming traffic that isn’t a response to traffic one of your machines sent out first
What does SPI stand for? What uses it?
Stateful Packet Inspection (what hardware firewalls use to inspect incoming packets individually)
What does “stateful” mean?
the firewall keeps a record of the state of each connection and checks every inbound or outbound packet against it, to confirm the 2 endpoints are in a genuine, already-established conversation rather than judging each packet in isolation
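The difference between “stateful” and plain port-based filtering is easiest to see by running constructed packets through both. This is an added example, not code from the flashcards or from any router: the addresses, ports and packets are made up for illustration, the model keys connection state on a simple 5-tuple, and it leaves out real NAT translation and state timeouts.

```python
# Added example (not from the flashcards): a minimal model of what "stateful"
# means. Packets and addresses are constructed for illustration; the model
# tracks flows by 5-tuple and does not implement real NAT or state timeouts.
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


def stateless_filter(pkt: Packet) -> str:
    """Old-style packet filter: judges each packet in isolation.
    To let web replies back in it has to allow any inbound packet whose
    source port is 80 or 443, so a forged packet with that source port passes."""
    if pkt.direction == "out":
        return "ALLOW"
    return "ALLOW" if pkt.src_port in (80, 443) else "DROP"


class StatefulFirewall:
    """SPI: outbound packets create state; an inbound packet is allowed only
    if it is the exact reverse of a flow a LAN host opened first."""

    def __init__(self) -> None:
        # state entries: (lan_ip, lan_port, remote_ip, remote_port, proto)
        self.state: set[tuple] = set()

    def filter(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            self.state.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port, pkt.proto))
            return "ALLOW"
        # inbound: the reply must come from the peer the LAN host actually talked to
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.proto)
        return "ALLOW" if key in self.state else "DROP"


def demo() -> list[tuple[str, str]]:
    """Run four constructed packets through both filters; returns
    (stateless_verdict, stateful_verdict) for each packet in order."""
    fw = StatefulFirewall()
    packets = [
        # 1. LAN host 192.168.1.10 opens an HTTPS connection to 203.0.113.5
        Packet("out", "192.168.1.10", 51000, "203.0.113.5", 443),
        # 2. the server's reply: the reverse of the flow above
        Packet("in", "203.0.113.5", 443, "192.168.1.10", 51000),
        # 3. unsolicited probe at RDP (3389) from an unknown Internet host
        Packet("in", "198.51.100.7", 40000, "192.168.1.10", 3389),
        # 4. forged "reply": source port 443, but from a host nobody contacted
        Packet("in", "198.51.100.7", 443, "192.168.1.10", 51000),
    ]
    return [(stateless_filter(p), fw.filter(p)) for p in packets]


if __name__ == "__main__":
    for verdicts in demo():
        print(verdicts)
```

Packet 4 is the one that matters: the stateless filter lets it in because its source port looks like a web server, while the stateful firewall drops it because no LAN host ever opened a connection to 198.51.100.7.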
What do you do if you want to allow outside users to access a web server on the LAN?
(remember, NAT hides the true IP addresses of your systems behind a single public IP address so you need to find a way to allow incoming traffic past the router/firewall and redirect it to the right PC)
You can use Port Forwarding to open a port in the firewall and direct incoming traffic on that port to a specific IP address on your LAN (the web server machine)
(for example, open port 80 and forward all incoming traffic on that port to the web server’s LAN IP address)
What is Port Forwarding?
enables you to open a port in the firewall and direct all incoming traffic on that port to a specific IP address on your LAN
(allows outside users access to a system/server on your LAN)
What’s another way to open ports on a firewall? What does it do? (2)
Port Triggering
it enables you to open an incoming connection to one computer automatically based on a specific outgoing connection
The trigger port defines the outgoing connection, and the destination port defines the incoming connection. If you set the trigger port to 3434 and the destination port to 1234, for example, any outgoing traffic on port 3434 will trigger the router to open port 1234 and send any received data back to the system that sent the original outgoing traffic.
What’s the difference between port forwarding and port triggering?
Port Forwarding = the port is open all the time and is mapped to one fixed internal host, so that host must use a static IP address (or a DHCP reservation) so the mapping doesn’t break
Port Triggering = the incoming port is opened only when a client sends traffic on the trigger port; whichever client triggered it gets the incoming traffic (one client at a time), so no static IP addresses are required
What do you use if you want to open every port to a machine?
Demilitarized Zone (DMZ)
What is a DMZ?
Demilitarized zone
it puts the system with the specified IP address outside the protection of the firewall (all ports open, all incoming traffic passed straight to it)
Dangerous: that host is fully exposed to the Internet. Don’t use it!
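The three mechanisms above (port forwarding, port triggering and the DMZ host) differ in when a port is open and who receives the traffic. This is an added example, not code from the flashcards or from any router’s firmware: a small model of a SOHO router’s inbound decision. The addresses, ports and the rule precedence it assumes (a forwarding rule beats an open trigger, which beats the DMZ host) are assumptions for illustration; real routers differ in details and in how long a triggered port stays open.

```python
# Added example (not from the flashcards): a model of the three ways a SOHO
# router lets unsolicited Internet traffic reach a LAN host. Addresses, ports
# and rule precedence (forwarding rule > open trigger > DMZ host) are
# assumptions for illustration; real routers differ in details and timeouts.
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class SohoRouter:
    forwards: dict[int, tuple[str, int]] = field(default_factory=dict)  # ext port -> (lan_ip, lan_port), always open
    triggers: dict[int, int] = field(default_factory=dict)              # trigger (outgoing) port -> incoming port
    open_triggers: dict[int, str] = field(default_factory=dict)         # incoming port -> LAN host that currently owns it
    dmz_host: str | None = None                                         # host that receives everything else

    def outbound(self, lan_ip: str, dst_port: int) -> str:
        """A LAN host sends traffic out. If dst_port is a trigger port, open the
        mapped incoming port for that host (one client at a time)."""
        if dst_port not in self.triggers:
            return "sent"
        incoming = self.triggers[dst_port]
        owner = self.open_triggers.get(incoming)
        if owner is not None and owner != lan_ip:
            return f"busy: port {incoming} already open for {owner}"
        self.open_triggers[incoming] = lan_ip
        return f"opened port {incoming} for {lan_ip}"

    def trigger_timeout(self, incoming_port: int) -> None:
        """Routers close a triggered port again once the flow goes idle."""
        self.open_triggers.pop(incoming_port, None)

    def inbound(self, ext_port: int) -> str:
        """Where does an unsolicited packet arriving on the WAN side go?"""
        if ext_port in self.forwards:
            lan_ip, lan_port = self.forwards[ext_port]
            return f"{lan_ip}:{lan_port}"
        if ext_port in self.open_triggers:
            return f"{self.open_triggers[ext_port]}:{ext_port}"
        if self.dmz_host is not None:
            return f"{self.dmz_host}:{ext_port}"
        return "DROP"


def demo() -> list[str]:
    """Walk through forwarding, triggering and the DMZ host; returns the
    router's decision for each constructed event, in order."""
    r = SohoRouter()
    r.forwards[80] = ("192.168.1.20", 80)   # port forwarding: web server with a static IP
    r.triggers[3434] = 1234                 # port triggering: outgoing 3434 opens incoming 1234
    log = [
        r.inbound(80),                       # forwarded to the web server
        r.inbound(1234),                     # nothing has triggered it yet
        r.outbound("192.168.1.30", 3434),    # .30 triggers the port
        r.inbound(1234),                     # now delivered to .30
        r.outbound("192.168.1.31", 3434),    # .31 cannot take it while .30 holds it
    ]
    r.trigger_timeout(1234)
    log.append(r.inbound(1234))              # closed again
    log.append(r.inbound(3389))              # no rule for RDP: dropped
    r.dmz_host = "192.168.1.40"              # DMZ host: every remaining port goes here
    log.append(r.inbound(3389))              # RDP now reaches .40 from anywhere on the Internet
    log.append(r.inbound(80))                # the forwarding rule still wins
    return log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last three events show why the DMZ option is dangerous: before the DMZ host is set, an unsolicited RDP packet is dropped; afterwards every port that no other rule claims, RDP included, is handed to that host.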
What is the software firewall built into Windows?
Windows Defender Firewall
(handles port blocking, security logging, etc)
Should you use the same firewall settings for both public and private networks?
no
(using public networks should have more strict firewall settings)
Setting the appropriate firewall settings (public vs private) affects what 2 things?
- Windows Defender Firewall
- The PC’s ability to share and discover resources
What is a private network (the option)?
enables you to share resources, discover devices, and allow devices to discover your computer safely
What is a public network?
prevents your computer from sharing and disables all discovery protocols
Making a network private or public is an issue for both Wi-Fi and wired Ethernet connections. T or F?
False, wired connections are assumed to be private
When does Windows prompt you to choose the network type?
when your computer connects to a Wi-Fi network for the first time
You can change a network’s public/private designation any time as long as what?
you are connected to it
where do you go to change the public/private designation?
Settings > Network & Internet > Wi-Fi > (the network’s SSID) > Network profile type, then choose Public or Private
(or just right-click the WiFi icon in the notification area)
How do you access Windows Defender Firewall? (2 ways)
- Start menu (type its name)
- Control Panel > System and Security > Windows Defender Firewall
What are exceptions?
choosing which programs and services can pass through the firewall
How are programs added to the firewall exceptions list?
most add themselves automatically when you install them
(otherwise, Windows prompts you the first time you run it)
What is the Windows Defender Firewall with Advanced Security? Where do you find it?
You find it under the Advanced Settings option for Windows Defender Firewall
It’s a tool (MMC snap-in) that gives you more control over exceptions
What are Internet appliances?
special-purpose devices incorporated into a network, typically to add a layer of network security or to boost performance
What are spam gateways?
on A+ exam
anti-spam appliances, devices that use onboard software to filter out incoming spam e-mails and IMs (spim)
Where are spam gateways typically used?
primarily in enterprise organizations, but many ISPs, schools, and small businesses have a version of this function
What does UTM stand for?
on A+ exam
UTM = unified threat management
What is UTM?
on A+ exam
Combines hardware and software to perform many security functions (firewall, remote access, VPN, web traffic filtering, anti-malware, etc)
What does a UTM look like? Which 2 places is it placed?
a Unified Threat Management solution can be a dedicated appliance placed between the internal network and the edge/gateway device, or it can be installed on a virtual machine running in a cloud service
What are load balancers?
on A+ exam
spreads out the processing required to respond to incoming traffic requests across a group of servers so it’s as even as possible
(incoming requests are assigned to the next available, capable server)
Where are load balancers found?
they sit on the network between client devices and the servers to be balanced
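The “next available, capable server” rule is simple enough to show in code. This is an added example, not code from the flashcards or from any load-balancing product: a health-aware round robin over a constructed set of servers with made-up capacities, where a server that failed its health check or is already at capacity is skipped.

```python
# Added example (not from the flashcards): the "next available, capable server"
# rule as a health-aware round robin. Server names and capacities are constructed.
from __future__ import annotations
from collections import deque


class LoadBalancer:
    def __init__(self, capacity: dict[str, int]) -> None:
        self.ring = deque(capacity)                 # round-robin order of server names
        self.capacity = dict(capacity)              # max concurrent requests per server
        self.active = {s: 0 for s in capacity}      # requests currently assigned
        self.healthy = {s: True for s in capacity}  # result of the last health check

    def mark_down(self, server: str) -> None:
        self.healthy[server] = False

    def mark_up(self, server: str) -> None:
        self.healthy[server] = True

    def assign(self) -> str | None:
        """Return the next server that is both healthy and below capacity,
        or None if every server is down or saturated (the client gets an error)."""
        for _ in range(len(self.ring)):
            server = self.ring[0]
            self.ring.rotate(-1)                    # next call starts after this server
            if self.healthy[server] and self.active[server] < self.capacity[server]:
                self.active[server] += 1
                return server
        return None

    def release(self, server: str) -> None:
        """Call when a request completes so the slot can be reused."""
        self.active[server] -= 1


def demo() -> list[str | None]:
    """Three servers with room for two requests each; one fails its health
    check. Returns the server chosen for each of six constructed requests."""
    lb = LoadBalancer({"web1": 2, "web2": 2, "web3": 2})
    lb.mark_down("web2")                            # health check failed: skip it
    assigned = [lb.assign() for _ in range(5)]      # only 4 slots remain, so the 5th gets None
    lb.release("web1")                              # one request on web1 finishes
    assigned.append(lb.assign())                    # the freed slot is reused
    return assigned


if __name__ == "__main__":
    print(demo())
```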
What are proxy servers?
on A+ exam
an intermediary between its users and the resources they request
How do proxy servers work?
applications send requests to the proxy server instead of trying to access the Internet directly and the proxy server fetches the resources for the user instead
What Internet appliance allows you to monitor usage and restrict/modify access to content?
proxy servers
Where are proxy servers found?
Enterprise proxy servers are usually implemented as software running on a multi-purpose server